If you enable a custom password policy in your GLM/SLM site, you also have the option to require two-factor authentication for users. This requirement is configured by user role.
Two-factor authentication is an additional layer of security. It requires a user to enter both their password and a verification code to log on to a site. When enabled in your GLM/SLM site, a user will need to enter their password and a verification code once per day (as long as they're using the same browser). Throughout the rest of the day, they will only need to enter their password to log back on.
Two-Factor Authentication Setup (for users with any role in your site) explains how to log on using two-factor authentication.
Follow these steps to require two-factor authentication:
- Refer to Set User Password Policy for the other steps in setting a custom password policy.
- While editing the User Password Policy setting, select the role(s) for which you'd like to require two-factor authentication.
- Click OK.
- When a user with that role logs in, they will see instructions for setting up two-factor authentication.
- This involves downloading a two-factor authenticator app, which will generate a unique verification code which they are prompted to enter in the site.
- When logging in again (for the first time each day), the user will be prompted to enter a verification code.
- They will need to open their two-factor authenticator app again, which will provide them with a time-sensitive verification code to enter in the site.